L
Li'nage
Docs
PlatformDocsLearnHelp
Legal Document

Privacy Policy

Last updated: January 18, 2026

Our commitment: This privacy policy is written in plain language, not legal jargon. We believe you deserve to understand exactly what happens to your data without needing a law degree.

The Short Version

Before diving into details, here's what you really need to know:

  • We never store your source code. Li'nage only ingests metadata like package manifests and API schemas.
  • We don't sell your data. Your information is never sold to third parties for advertising or any other purpose.
  • You control your data. You can export, modify, or delete your data at any time from your account settings.
  • We use encryption everywhere. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Who This Policy Applies To

This privacy policy applies to all users of Li'nage Cloud, including:

  • Account holders who sign up for free or paid plans
  • Team members invited to organization workspaces
  • Visitors browsing our public documentation and marketing pages
  • API consumers integrating with Li'nage Cloud programmatically

If your organization has a custom enterprise agreement with us, that agreement may contain additional privacy terms that supplement or modify this policy.

Data We Collect

We collect only the data necessary to provide and improve our service. Here's a complete breakdown:

Account Information

When you create an account, we collect:

  • Email address: Used for authentication, notifications, and support communication
  • Name: Used for personalization and team collaboration features
  • Password: Stored using bcrypt hashing with automatic salting—we cannot see your password
  • Organization name: Used to identify your workspace and enable team features

Repository Metadata

When you connect repositories or run our CLI, we ingest:

  • Package manifests: Files like package.json, requirements.txt, go.mod that list dependencies
  • Lock files: Files like package-lock.json or yarn.lock that pin exact versions
  • API specifications: OpenAPI/Swagger files that describe your service interfaces
  • Build configuration: CI/CD configurations that help us understand your deployment topology

What We Do NOT Collect

  • ❌ Source code files (.js, .py, .go, etc.)
  • ❌ Environment variables or secrets
  • ❌ Database contents or user data from your applications
  • ❌ Private keys, tokens, or credentials (we filter these automatically)

Usage Analytics

We collect anonymized usage data to improve the product:

  • Feature usage: Which features you use most frequently
  • Performance metrics: Page load times, graph rendering performance
  • Error reports: Anonymized crash reports to help us fix bugs
  • Browser/device info: Browser type, screen resolution, OS (for compatibility)

You can opt out of non-essential analytics in your account settings without affecting core functionality.

Cookies and Tracking

We use cookies for essential functionality. Here's what each type does:

Cookie TypePurposeDuration
SessionKeeps you logged in24 hours
PreferencesRemembers UI settings (theme, graph preferences)1 year
AnalyticsAnonymized usage tracking (opt-out available)30 days

We do not use third-party advertising cookies. Our analytics are self-hosted and do not share data with advertising networks.

How We Use Your Data

We use the data we collect for the following specific purposes:

Providing the Service

Building and displaying your dependency graphs, calculating impact analysis, generating reports.

Account Management

Authenticating your login, managing team permissions, processing subscription payments.

Communication

Sending security alerts, service updates, and support responses. Marketing emails only with explicit consent.

Product Improvement

Analyzing aggregate usage patterns to improve features and performance (never individual behavior).

Security & Compliance

Detecting and preventing fraud, abuse, and security threats to protect all users.

Data Sharing and Third Parties

We share data with third parties only when necessary to provide our service:

Infrastructure Providers

  • Microsoft Azure: Cloud hosting and database services (data stored in US East region by default, EU available on request)
  • Vercel: Frontend hosting and CDN delivery
  • Stripe: Payment processing (we never see your full credit card number)

We Never Share Data With

  • ❌ Advertising networks or data brokers
  • ❌ Social media platforms
  • ❌ Third-party analytics companies (we use self-hosted analytics)
  • ❌ Any party for purposes beyond providing our service

Legal Requirements

We may disclose data if required by law (court order, subpoena) or to protect the safety of our users. In such cases, we will notify affected users unless legally prohibited from doing so.

Data Security

We implement industry-standard security measures:

  • Encryption in transit: All connections use TLS 1.3
  • Encryption at rest: All stored data uses AES-256 encryption
  • Access controls: Strict RBAC within our engineering team
  • Audit logging: All data access is logged and monitored
  • Penetration testing: Regular third-party security assessments
  • Vulnerability management: Rapid patching of security issues (we eat our own dog food here)

Your Rights and Controls

You have full control over your data:

Access Your Data

Download a complete export of all your data from Settings → Data Export.

Correct Your Data

Update your profile information at any time from your account settings.

Delete Your Data

Request complete deletion from Settings → Danger Zone. We will permanently delete all your data within 30 days.

Data Portability

Export your dependency data in open formats (JSON, CSV) for use with other tools.

For GDPR (EU) or CCPA (California) specific requests, contact us at privacy@linage.cloud with "Data Rights Request" in the subject line.

Data Retention

We retain different types of data for different periods:

  • Account data: Retained until you delete your account
  • Dependency data: Retained until you delete the project or account
  • Usage analytics: Aggregated and anonymized after 90 days
  • Audit logs: Retained for 2 years for security and compliance
  • Support correspondence: Retained for 3 years

After account deletion, we purge all personal data within 30 days. Some anonymized, aggregated data may be retained for product analytics.

International Data Transfers

Li'nage Cloud is operated from the United States. If you are located outside the US, your data may be transferred to and processed in the US. We ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Data Processing Agreements available for enterprise customers
  • EU data residency option available on Enterprise plans

Children's Privacy

Li'nage Cloud is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it immediately.

Changes to This Policy

We may update this policy as our practices evolve. For significant changes, we will:

  • Email all registered users at least 30 days before changes take effect
  • Display a prominent notice in the application
  • Provide a clear summary of what changed

Minor clarifications or formatting changes may be made without notice.

Contact Us

Questions about this privacy policy? We're happy to explain anything in more detail.

Privacy questions: privacy@linage.cloud
Data rights requests: privacy@linage.cloud (subject: "Data Rights Request")
General support: Help Center

We aim to respond to all privacy-related inquiries within 5 business days.